There is probably not a single office that does not use shared local network resources, whether they are folders or printers. Large and medium-sized companies use the capabilities of Active Directory, while smaller companies use regular Windows or Samba tools, but on servers on Linux OS. Look at all the cases.
How to configure Samba:
- What is Samba?
- How to set up a shared folder
- How to set up a shared folder in Linux
- How to set up a shared folder on Windows
- How to connect to a shared folder
- How to connect to Linux shared folder
- How to connect to a Windows shared folder
- How to create a Network Share in Samba
What is Samba?
Samba is a server application that implements client terminals' access to folders, printers, and disks over the SMB/CIFS Protocol.
Configuring shared folders
Linux
The installation and configuration of the Samba server for Ubuntu is performed in the following steps.
Update information about repositories and install updates for existing software packages in the system:
Installing the Samba pack:
Creating a reserve copy of the configuration file:
Creating directories for files, for example in the /media catalog:
Important! By default, the /media directory is located at the root of the system/, and a separate partition is rarely created for it. For this reason, the root partition may overflow. To avoid this unpleasant situation, we recommend mounting a separate hard drive in /media/samba.
Creating a folder for all users:
Changing the folder access rights:
You should also use the chown command to change the owner and/or group.
Creating a directory for a limited number of people:
Using the system tools, we will create a user group:
Adding Samba users:
Adding the created users to the group:
Changing the group that the private directory belongs to:
Use the Samba tools to create a password for the added user:
Use a text editor such as nano to edit the samba configuration file:
Deleting all lines from the file. Insert the following:
workgroup = WORKGROUP
security = user
map to guest = bad user
wins support = no
dns proxy = no
[public]
path = /media/samba/public
guest ok = yes
force user = nobody
browsable = yes
writable = yes
[private]
path = /media/samba/private
valid users = @smbgrp
guest ok = no
browsable = yes
writable = yes
Save using the combination Ctrl + X, then press Y and Enter.
Let's explain the string values. The configuration file consists of three sections:
global — this section is responsible for the General settings of the Samba server;
public и private — the description section of the settings directories are shared.
The global section contains five parameters:
- workgroup — working group. To simplify the work of users, WORKGROUP is specified as the default group. If the workgroup name is changed in your network, you should also change this value for Samba;
- security — the security level of the server. The value user means authorization by the username/password pair;
- map to guest — this parameter defines how requests are processed. The bad user value means that requests with an incorrect password will be rejected, even if such a user name exists;
- wins support — • enable or disable WINS support;
- dns proxy — the ability to proxy requests to a DNS.
Directory settings are made in the corresponding sections:
path — full path to the directory on your hard disk;
guest ok — ability to access the folder without a password (guest);
browsable — whether to show the folder on the server, among others. If the parameter is set to " no”, access will be possible using the full path, for example, ip-address hidden_directory;
force user — the user who is working with the folder. To increase server security, “nobody” is usually used. The main thing is that it is not safe to use the root user.
writable — setting the value to “yes” allows the user to perform actions on files inside the folder — rename, add, delete, move to a subdirectory, and copy;
valid users — list of users who have access to the folder. If there are several users, their names are separated by commas. If access is required for users belonging to a group, the symbol ”at” (@) is set before the group name.
Important! The name of the shared directory displayed to users is equal to the name of the section where it is described.
Check the settings using the command:
Restarting the server:
Configure the firewall. To do this, open TCP ports 139 and 445 in the rules, as well as UDP ports 137 and 138, but only for those subnets that you trust. To specify your own address range, replace the value after the “-s " key”:
iptables -A INPUT -p tcp -m tcp --dport 139 -s 10.0.0.0/24 -j ACCEPT
To save the rules and apply them after restarting the server, use the iptables-persistent package. Install it:
During the installation of the package, the program will ask you to save existing iptables rules. Confirm this action.
To check existing rules, use:
Windows
Similar to Linux, we will configure shared access to the public and private folders, but in Windows.
To create shared access to a folder without password protection, you must configure security restrictions in the control panel. To do this, open:
Control panel → Network → network and sharing Center → Advanced sharing settings.
In the updated window, open the section "All networks” and look for the section" Shared access with password protection”. Setting the parameter to “Disable password-protected sharing”. To save the parameter values, click the “Save changes” button.
Now we will open access to the folder itself. Right-click on the folder and select “Properties” in the context menu. Open the "Access" tab and click on "Advanced settings".
In the advanced sharing settings window that opens, select the “Open shared access to this folder "checkbox in the “shared resource Name" field” specify the name that will be displayed to users. Click on the "Permissions" button.
In the window that opens, in user groups, select "All”, and in group permissions, set the “Full access" checkbox. Click " OK " in this and other Windows.
In the properties window of the public folder, click the "Shared access" button.
In the window that opens, add the “All "user, and delegate the" Read and write" rights. Click on the "Share" button.
In the updated window, click "Done".
Setting up a shared folder, but for a limited number of people.
Right-click on the folder and select "Properties".
In the window that opens, go to the “Access " tab. Click on the "Advanced settings" button.
In the new window that opens, set the “Open shared access to this folder " checkbox. Then click on the "Permissions" button.
In the window that opens, in the “Groups or users” field, select "All “and click ”Delete".
This means that anonymous access to the folder is not allowed.
The window will update. Click on the "Add " button.
In the window that opens, click the "Advanced" button.
The window will change in size. Click on the "Search" button. Double-click to select the user who needs access to this folder, for example, accountant.
In the window that opens, if desired, we can add another user via "Advanced“ — "Search". Similarly, you can add a group of users, such as "Administrators", but you should understand that access will be granted to all users in this group.
Setting access rights for the user "accountant". If you need full access to the directory, set the checkbox in the appropriate place.
Clicking the "OK "button returns to the folder properties window, where we click on the "Shared access" button.
In this window, you need to find and add the user "accountant".
In the window for selecting users and groups, click the "Advanced" button.
The window will change its size again. Click on the "Search" button. In the list of users and groups found below, select the user you are looking for. Double-click it.
In the remaining window, check whether the user is specified correctly and click "OK".
Set the required permission level for the user and click on the "Share" button.
Click on the "Done" button.
Connecting to shared folders
from Linux
To connect to shared folders from the Linux environment, you need to install a separate software-smbclient. Establish:
To connect to the server, use the following command format:
Example:
In order to avoid typing this command every time, it is possible to configure the mounting of a shared directory as a network drive. To do this, install the CIFS-utils package:
The following template is used for mounting:
Important! If you need to connect to shared folders located on a Windows server, use “Everyone” as the user name for non-password-protected directories. To connect to a Linux server, we recommend using “nobody” as the user name. If you have access to protected directories, use the credentials you specified.
from Windows
Connecting to deleted folders from the Windows environment is slightly different. To do this, use the following template in Windows Explorer or the program launch window (Windows + R):
By simply specifying the server IP address, you will get a list of shared folders.
When connecting to a Windows server, the security system may require you to enter credentials. To connect to a shared open folder, use Everyone, and leave the password field empty.
When connecting to a Linux server from Windows, use the template specified earlier:
or just the server address:
How to create a Network Share in Samba
Create a directory wich you want to share:
Make a backup, if something goes wrong:
Edit the file "/etc/samba/smb.conf":
Add this in the end of the file:
path = /home//
valid users =
read only = no
Enter yout own information, save the file and exit it.
Restart the Samba:
Use this command to check your smb.conf for any errors:
To access your network share use:
# List all shares:
smbclient -L /// -U
# connect:
smbclient /// -U
Note 1: To access your network share use your username (user_name) and password through the path "smb:////" Note that "" value is passed in "[folder_name]", in other words, the share name you entered in "/etc/samba/smb.conf".
Note 2: The default user group of samba is "WORKGROUP".